Deploy the ExtraHop Command Appliance with VMware

The ExtraHop Command appliance (ECA) is a virtual appliance that provides centralized management and reporting across multiple ExtraHop appliances distributed across datacenters, branch offices, and the public cloud. For most large ExtraHop deployments, a dedicated ECA is the most efficient way to manage and report across the remote nodes.

This guide explains how to install the ECA using the vSphere client running on a Windows machine. The guide assumes experience administering VMware ESX and ESXi environment. There is a way to install the OVA package using the command line tool called ovftool, but this approach is outside the scope of this guide. For more information about how to use this tool, refer to VMware documentation on http://www.vmware.com/support/.

Warning: Installing the ECA removes local customizations such as triggers, pages, and groups. After the installation, you must replace customizations from the ECA.

The following table is a guideline to achieve optimal performance with the ECA. These are minimum requirements that you may need to adjust depending on the size of your environment.

Scalability ExtraHop Nodes 1-4 5-16 17-64 65 or more
Provisioning Requirements CPU Cores 2 4 8 16
RAM 4 GB 8 GB 16 GB 24 GB
Disk Total 44 GB
Networking Requirements One 1 Gbps Ethernet network port accessible on port 443

Best Practices

To ensure proper functionality of the virtual appliance:

  • Always use thick provisioning.

  • Do not resize the disk.

  • Do not migrate the VM.

System Requirements

Installation of the Command virtual appliance has the following requirements:

  • An existing installation of VMware ESX/ESXi server version 5.0 and later

  • A vSphere client to deploy an OVF file

  • DNS connectivity for licensing purposes

  • The Network Time Protocol (NTP) enabled on the ECA and all managed nodes

    The following ESX/ESXi server hardware is required:

  • Processor: One Intel processing core with hyper-threading support, VT-x technology, and a processing speed of 2.5 GHz or higher

  • Memory: 4 GB or higher

  • Disk: 44 GB or higher

  • Network: One 1 Gbps Ethernet network port

  • Place in network: Near one of the managed ExtraHop appliances, but accessible on port 443 to all managed ExtraHop appliances

    If you are upgrading an ECA, make sure to upgrade the ECA first and then upgrade the nodes. To function correctly, the ECA and nodes must use the same minor version of ExtraHop firmware.

OVA Package Overview

The ECA is distributed as an OVA package that includes a preconfigured virtual machine (VM) with a 64-bit, Linux-based OS that is optimized to work with VMware ESX and ESXi version 4.0 and later.

OVF refers to a folder with files that define a preconfigured virtual machine. OVA refers to a single-archive file that contains the zipped contents of the OVF folder.

The preconfigured virtual appliance has the following default settings:

  • One CPU

  • 4 GB RAM

  • One 4 GB disk

  • One 40 GB disk

  • One bridged network interface

    You may need to adjust the preconfigured virtual appliance to scale to your environment, as shown in the table above.

Install the Command Virtual Appliance

To install the ECA, complete the following steps:

  1. Contact ExtraHop Support (support@extrahop.com) to obtain and download the OVA package.

  2. Start the VMware vSphere client and connect to your ESX server.

  3. Go to the File menu and select Deploy OVF Template.

  4. The steps to deploy OVF template are described in detail below. For most deployments, the default settings are sufficient.

    1. Source: Browse to the location of the downloaded OVA file and then click Next.

    2. OVF Template Details: Review the details and then click Next.

    3. Name and Location: Configure the VM name and location. Give the VM a unique and specific name for the ESX Inventory and then click Next.

    4. Disk Format: Select Thick Provision Lazy Zeroed and then click Next.

    5. Network Mapping: Map the OVF-configured network interface labels with the correct ESX-configured interface labels and then click Next.

    6. Ready to Complete: Verify the configuration, select the Power on after deployment checkbox, and then click Finish to begin the deployment.

  5. When the deployment is complete, you can see the unique name you assigned to the ExtraHop VM instance in the inventory tree for the ESX server to which it was deployed.

  6. The ECA contains a preconfigured bridged virtual interface with the network label, VM Network. If your ESX has a different interface label, you must reconfigure the network adapter on the Command virtual appliance before starting it.

    1. Select the Summary tab.

    2. Click Edit Settings, select Network adapter 1, select the correct network label from the Network label drop-down list, and then click OK.

  7. Click the Command virtual appliance in the ESX Inventory and then select the Console tab.

  8. Click the console window and then press Enter to display the login prompt.

  9. Log in with the shell user account and the password default.

  10. Run the show ipaddr command to display the IP address of the ECA.

  11. Press Control-Alt-Delete to exit the window.

  12. The ECA is delivered with DHCP enabled. If your network does not support DHCP, no IP address would be acquired, and you must configure a static address manually. To configure a static IP address, complete the following steps:

    1. Log in to the console with the shell user account and the password default.

    2. Enable the privilege commands.

      extrahop>enable

      Password:default

      extrahop#

    3. Enter the configuration section.

      extrahop#config

      extrahop(config)#

    4. Enter the interface section.

      extrahop(config)#int

      extrahop(config-if)#

    5. Set the IP address and DNS using this syntax: ip ipaddr IP_ADDRESS NETMASK GATEWAY DNS_SERVER as shown in the following example.

      extrahop(config-if)#ip ipaddr 10.10.2.14 255.255.0.0 10.10.1.254 8.8.8.8

    6. Save the running config.

      extrahop(config-if)#exit

      extrahop(config) * #running_config save

      Would you like to write configuration changes to default config [Y/n]?: Y

      extrahop(config)#

  13. To add ExtraHop appliances to the ECA, go to the Cluster Settings section and click Nodes. For more information about adding a node, refer to the ExtraHop Admin UI Users Guide.

Published 2017-04-20 22:58